36 matches found
CVE-2026-21385
CVE-2026-21385 is a memory corruption vulnerability in the Qualcomm Display component (graphics) used by Qualcomm chipsets, caused by memory alignment handling during allocation. Exploitation has been observed in the wild in a limited, targeted manner, with attackers able to push malicious data t...
CVE-2026-24085
Technical details about CVE-2026-24085 are not publicly available in the provided documents; the memory corruption description is noted but no affected products, affected versions, root cause specifics, or fixes are disclosed. Monitor for updates.
CVE-2025-59609
The CVE-2025-59609 issue is a disclosure vulnerability affecting how advertisement frames are processed when MBSSID elements are malformed or too short. The root cause is in the processing path that handles MBSSID elements, which may allow information exposure. The CVSS 3.1 vector indicates netwo...
CVE-2026-24087
Technical details (affected products/versions, root cause, exploitability, fixes) are not publicly available in the provided documents; monitor for updates.
CVE-2025-47389
CVE-2025-47389 describes memory corruption caused by a buffer copy operation failing due to an integer overflow during attestation report generation. Documents identify the issue as applicable to an Automotive Platform, with the CVSS v3.1 base score 7.8 (HIGH) and LOCAL attack vector, LOW attack ...
CVE-2025-59610
CVE-2025-59610 represents a memory corruption vulnerability that occurs when processing IOCTL requests with mismatched API versions, caused by concurrent modification of a user-space buffer. The CVSS 3.1 vector (L/H/C/I/A) indicates a Local, High complexity, High privileges required, no user inte...
CVE-2025-47385
CVE-2025-47385 involves memory corruption when accessing the Trusted Execution Environment (TEE) via the SCE-Mink register interface, due to improper privilege checks. Connected CVE records corroborate an improper access-control issue in the SCE-Mink component, with CVSSv3.1 score 7.8 (HIGH): loc...
CVE-2026-24091
Technical details about CVE-2026-24091 are not publicly available in the provided documents. Monitor for updates and new connected documents for affected products, versions, and fixes.
CVE-2026-24092
CVE-2026-24092 describes a memory corruption issue that occurs when processing fastboot commands to set the display mode. The available description does not specify the affected product/vendor/model, only noting a memory corruption vulnerability. The CVSS 3.1 score is 7.2 (High), with attack vect...
CVE-2026-24088
Technical details are not publicly available in the provided documents for CVE-2026-24088. Monitor for updates.
CVE-2026-24089
CVE-2026-24089 describes memory corruption that occurs when processing fastboot commands with invalid input. The NVD entry lists a CVSS v3.1 base score of 7.2 (HIGH) with physical attack vector, low attack complexity, no user interaction, requiring high privileges, and a changed scope. The impact...
CVE-2025-47379
Summary: CVE-2025-47379 describes memory corruption and potential use-after-free when multiple threads access a shared buffer in parallel due to improper synchronization between assignment and deallocation. The CVSSv3.1 base score is 7.8 (HIGH), with local attack vector, low attack complexity, an...
CVE-2025-47373
CVE-2025-47373 describes a memory corruption / out-of-bounds condition when accessing buffers with invalid length during a Trust Authority (TA) invocation in an automotive context. The CVSSv3.1 base score is 7.8 (High) with LOCAL attack vector, LOW privileges required, no user interaction, and fu...
CVE-2026-24090
Technical details (affected products, root cause, impact, and remediation) are not publicly available in the provided documents. Monitor for updates from the vendors and CVE feed.
CVE-2025-59604
CVE-2025-59604 is described as memory corruption during a memory copy operation caused by invalid writes from a null pointer. The connected documents do not specify affected product/vendor/component/version or concrete remediation details. The CVSS 3.1 metrics indicate high impact to confidential...
CVE-2025-59606
The CVE-2025-59606 entry describes a memory corruption flaw triggered by writing to invalid memory locations caused by heap exhaustion during secure data initialization. The CVSS 3.1 vector indicates a local, low-privilege, no-user-interaction exposure with high impact to confidentiality, integri...
CVE-2025-47378
CVE-2025-47378 is described as a cryptographic issue where a shared VM reference allows HLOS to boot the loader and access the certificate chain. Connected sources corroborate a cryptographic exposure affecting HLOS/boot chain components and reference related advisories from Red Hat and NCSC; how...
CVE-2025-47402
Technical details about CVE-2025-47402 are not publicly provided in the supplied documents. Monitor for updates from vendors and security bulletins.
CVE-2025-47381
CVE-2025-47381 corresponds to a memory corruption issue that occurs while processing IOCTL calls when there is concurrent access to a shared buffer. The CVSS 3.1 vector indicates a HIGH impact on confidentiality, integrity, and availability, with LOCAL attack vector, LOW attack complexity, LOW pr...
CVE-2025-47403
CVE-2025-47403 is a transient denial-of-service vulnerability in WLAN firmware related to processing a malformed Fast Transition (FT) response frame with an invalid header during wireless roaming. The issue affects the WLAN firmware component responsible for handling FT frames; the underlying cau...
CVE-2025-47375
CVE-2025-47375: Memory corruption when multiple user-space IOCTL calls are handled concurrently. Public records (NVD entry) confirm the issue and the CVSS 3.1 vector indicates Local, Low complexity exploitation with Low privileges required and high impact to confidentiality, integrity, and availa...
CVE-2025-47391
CVE-2025-47391 corresponds to a memory corruption issue described in connected records as a stack-based buffer overflow in a camera driver, triggered during processing of a frame request from user. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates local attack vector with low pr...
CVE-2025-47398
CVE-2025-47398 involves memory corruption due to improper handling of memory pointers during deallocation of GPU memory buffers. Red Hat and CVE aggregations label it as a Use After Free issue in graphics memory, implying a vulnerability in the graphics subsystem where freed memory is mishandled,...
CVE-2025-47386
CVE-2025-47386 affects automotive audio (per CVE listing) with memory corruption arising during IOCTL handling under concurrent access to a shared buffer. The connected CVE record notes a Use After Free root cause. Exploitation details are not provided in the available documents. No explicit reme...
CVE-2025-47397
CVE-2025-47397 describes a memory corruption vulnerability in GPU memory mapping using scatter-gather lists caused by unchecked IOMMU mapping errors. Affected component is involved in GPU memory mapping; the issue is exploitable locally with low privileges and no user interaction, with high impac...
CVE-2025-59600
The CVE-2025-59600 issue relates to a memory corruption condition arising when adding user-provided data without validating available buffer space, described as a Buffer Over-read in Graphics. The root cause is unchecked buffer capacity during data submission, leading to memory corruption. Docume...
CVE-2025-47376
CVE-2025-47376 describes memory corruption during concurrent access to a shared buffer in IOCTL handling. The CVE entries reference a use-after-free context noted in the CVE List entry (‘Use After Free in Automotive Audio’). The NVD summary repeats memory corruption during IOCTL concurrency. CVSS...
CVE-2025-47377
CVE-2025-47377 is described across connected records as a use-after-free/memory corruption issue in automotive audio related to IOCTL processing: a buffer is accessed after it has been freed, leading to potentially high impact. The CVE entry is linked to an automotive audio context, with a CVSS 3...
CVE-2025-47404
CVE-2025-47404 describes memory corruption that occurs when dynamically changing the size of a previously allocated buffer while its contents are being modified. The NVD entry lists a Local attack vector with Low exploit complexity and Low privileges, resulting in High impact to confidentiality, ...
CVE-2026-21370
CVE-2026-21370 is an out-of-bounds write in the camera driver causing memory corruption when validating input batch size and buffer plane count that exceed maximum allowed values. The issue is described as a memory corruption condition in the Qualcomm camera driver. Exploitation details beyond wh...
CVE-2026-21383
CVE-2026-21383 describes a cryptographic issue in which AES-GCM key wrapping uses a static initialization vector (IV). The static IV conflicts with the requirement for a unique IV per operation, which can undermine confidentiality and integrity. The CVSS 3.1 metrics provided indicate a high impac...
CVE-2025-47401
CVE-2025-47401 indicates a transient denial of service caused by a buffer over-read in the WLAN HAL during channel configuration while processing target power rate tables. The description across sources confirms the issue and impact to availability, but no concrete exploitation details, affected ...
CVE-2026-21384
CVE-2026-21384 describes a memory corruption vulnerability in a camera driver where updating prepared commands with invalid port indices (driven by user-space input) can exceed read client limits, causing an out-of-bounds write. The issue is tied to a local attack vector with high complexity and ...
CVE-2026-24082
CVE-2026-24082 concerns a memory corruption (use-after-free) issue in an Automotive GPU, triggered when copying data from a freed source during a performance counter deselect operation. The connected records specify a memory corruption vulnerability with CVSSv3.1 base score 7.8 (HIGH), attack vec...
CVE-2026-21368
CVE-2026-21368 describes an out-of-bounds write in a camera driver when parsing JPEG commands, caused by unaccounted extra writes to the buffer during validation. The CVSS vector indicates local access, high complexity, and low privileges required, with a Overall impact of low confidentiality, in...
CVE-2026-21369
CVE-2026-21369 describes a memory corruption in the camera driver when handling flash commands. The root cause is outdated LED count values being used after userspace modification, leading to out-of-bounds/write conditions. The weakness is limited to local attack vector with high complexity and l...